A Summary of Risk Management Tools for Human Factors

Since people’s perception of risk is often incorrect (ex: people have a greater fear of airplane crashes than car crashes, even though airplane crashes occur less frequently), it is important to establish a robust and thorough risk management process to avoid biases and assumptions during device development. Israelski and Muto recommend gathering stakeholders from different functions (clinical, regulatory, quality, engineering, etc.) to form a diverse risk management team. Different perspectives will ensure the team is able to capture most foreseeable risks, assign appropriate severity ratings, and develop comprehensive mitigations. Although not specifically mentioned by the authors, bringing in external consultants with diverse industry experience can be helpful in drafting the risk documentation, since their expertise may bring in a fresh perspective on device usability. Our team has helped many of our clients draft the URRA according to FDA expectations and most importantly, conducted numerous studies that validate mitigations and identify unexpected risks. Of course, as the authors rightfully point out, risk management does not end after you have identified, prioritized, and mitigated risks through an HF validation study. After a product/system is released to the public, the risk management team must then conduct post-market surveillance in case a new risk is found. Just like many other deliverables involved in a product life cycle, risk assessment and management reports are “living documents.”

Before we dive in further, here are some essential terms to keep in mind:

• Hazard - potential source of harm

• Hazardous Situation - circumstances in which people, property, or the environment are exposed to one or more hazards

• Harm - physical injury or damage to health of people or damage to property or the environment

• Use-Related Risk (or Risk) - combination of the probability of occurrence of harm and the severity of that harm. In other words: Risk = Likelihood x Severity

• Use Error (NOT user error or human error 😉) – when the outcome of using a product was different than intended, but not due to a technical malfunction. Here are some types of use errors:

1. Errors of Omission – User fails to perform an action that should have been done. For example, a lapse means a user does not perform an intended action due to failure of memory.

2. Errors of Commission – User performs an action that should not have been done.

• Slip – Intending to perform an action, but the action is not executed as intended

• Mistake – Performing an incorrect action because incorrect knowledge or misinterpreted information

• Violation – intentionally performing an inappropriate or prohibited action (manufacturers do not need to consider abnormal uses, only those that are foreseeable)  

Two of the most common risk management tools are:

1. FMEA – Failure Modes and Effects Analysis (such as a design FMEA - dFMEA or a use FMEA - uFMEA, etc.)

2. FTA – Fault Tree Analysis

There are many other tools (spoilers: HAZOPs, Delphi Technique, etc.) the authors mention, but we’ll be focusing on these two in this article.

Note: You may have also heard the term URRA (use-related risk analysis)! A URRA is a simplified version that focuses mostly on the uFMEA columns that FDA cares about (see Table 1 in the next section).

A uFMEA is a straightforward, “bottom-up” approach to identifying use errors and risks. Check out the graphic below, which outlines the steps described by Israelski and Muto. Note: In a uFMEA, use error = failure mode.

Figure 1: Steps to create a uFMEA, according to Israelski and Muto. Diagram was created by LHF team to summarize the uFMEA chapter in their book. Regarding medical devices and systems, you may already be familiar with a uFMEA since the FDA requires risks to be documented in a format similar to a uFMEA. If this is new information to you, contact the Loring HF team for some regulatory support! Here’s a glimpse of the FDA’s risk table with an example entry:

Table 1: Based on the FDA’s Content of Human Factors Information in Medical Device Marketing Submissions, which was published in December 2022.

Notice how this format excludes a column for likelihood? The FDA asks device manufacturers to focus only on severity, which is a stance Israelski and Muto challenge. They agree that the challenges associated with estimating probabilities for novel technologies and various medical conditions make it difficult to develop accurate likelihood values, but as you may remember, there are two parts to risk: severity and likelihood of occurrence. Ignoring one or the other impacts how realistic risk mitigations can be. The authors believe the FDA’s stance means manufacturers are evaluating residual harm, rather than residual risk, and “reducing harm is much more difficult to accomplish.” Our founder and principal consultant, Beth Loring, recently discussed this point during the April 2023 AAMI Human Factors Standards Committee meeting.

Since a uFMEA allows risks to be dealt with sequentially and individually, it is not necessarily the best approach for identifying errors happening simultaneously. When there are multiple errors leading to a hazardous situation, a fault tree analysis (FTA) may be more suitable.

FTA is a top-down approach, where an undesired event or hazardous situation is first identified, followed by potential use errors that could have led to that situation. See below for a graphic illustrating the process in the book.

Figure 2: Steps to create an FTA, according to Israelski and Muto. Diagram was created by LHF team to summarize the FTA chapter in their book.

The FTA is certainly a more quantitative approach to risk analysis, so make sure to have a calculator ready and talk frequently with your clinical team! Israelski and Muto have some excellent advice on what to do if there is minimal data about probabilities. Most importantly, they provide an in-depth explanation of gates, which can be a tough concept to grasp. It took me a few re-reads before I caught on and I bet they’ve only scratched the surface.